Question No: 131

A customer has configured NetApp storage device to send events to QRadar SIEM. The customer wants an alert to be generated whenever error messages (Improper power supply in the shelf for NetApp device) appear on the console.

How can a QRadar administrator generate the alert whenever error message appear on the QRadar console?

Offenses gt; Rules gt; Actions gt; New Event Rule

Offenses gt; Rules gt; Click on Rule Wizard Button

Admin Tab gt; Rule Management gt; New Event Rule

Admin Tab gt; Rule Management gt; Actions gt; New Event Rule

Answer: A

Question No: 132

A customer wants to detect users that logged in from IP addresses in different locations simultaneously.

How can the customer achieve this using the QRadar console?

Create a rule to test for login failures from different country with 15 minutes

Create a rule to check for a local login within corporate network and simultaneous remote login

Create a rule to test for 2 or more logins from VPN or AD from different countries within 15 minutes

Create an offense to test for 2 or more logins from VPN or AD from different countries within 15 minutes

Answer: B,C Explanation:

References:

Question No: 133

There is a requirement at the customer site to double the default QFlow Maximum Content Capture size.

What would be the resulting packet size?

64 bytes

128 bytes

256 bytes

1024 bytes

Answer: B

Question No: 134

An off-site source can be connected to which component?

QFlow

Event Collector

Flow Processor

Event Processor

Answer: C Explanation:

References:

Question No: 135

Which two options need to be set when adding host inside deployment editor? (Choose two.)

Netmask

IP Address

Root password

QRadar version

Gateway IP Address

Answer: B,E Explanation:

References:

Question No: 136

Which two IP Addresses are required to Add a HA host? (Choose two.)

Public IP Address

Private IP Address

Cluster IP Address

Remote IP Address

IP Address of Secondary Host

Answer: C,E Explanation:

References:

Question No: 137

Which network monitoring port does Juniper Jflow require to be configured in QRadar?

Port 80

Port 443

Port 1080

Port 2055

Answer: D

Question No: 138

What functionalities of QRadar provide the ability to collect, understand, and properly categorize events from external sources?